{"url":"http://public2.vulnerablecode.io/api/packages/351731?format=json","purl":"pkg:apk/alpine/perl-image-exiftool@12.24-r0?arch=loongarch64&distroversion=edge&reponame=community","type":"apk","namespace":"alpine","name":"perl-image-exiftool","version":"12.24-r0","qualifiers":{"arch":"loongarch64","distroversion":"edge","reponame":"community"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"12.40-r0","latest_non_vulnerable_version":"12.40-r0","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76307?format=json","vulnerability_id":"VCID-cfdy-pnx7-xkfx","summary":"Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22204","reference_id":"","reference_type":"","scores":[{"value":"0.92825","scoring_system":"epss","scoring_elements":"0.99772","published_at":"2026-06-05T12:55:00Z"},{"value":"0.92928","scoring_system":"epss","scoring_elements":"0.99782","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22204"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22204","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22204"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/05/09/1","reference_id":"1","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T19:49:52Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/05/09/1"},{"reference_url":"https://hackerone.com/reports/1154542","reference_id":"1154542","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T19:49:52Z/"}],"url":"https://hackerone.com/reports/1154542"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/05/10/5","reference_id":"5","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T19:49:52Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/05/10/5"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987505","reference_id":"987505","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987505"},{"reference_url":"https://security.archlinux.org/AVG-1869","reference_id":"AVG-1869","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1869"},{"reference_url":"https://github.com/exiftool/exiftool/commit/cf0f4e7dcd024ca99615bfd1102a841a25dde031#diff-fa0d652d10dbcd246e6b1df16c1e992931d3bb717a7e36157596b76bdadb3800","reference_id":"cf0f4e7dcd024ca99615bfd1102a841a25dde031#diff-fa0d652d10dbcd246e6b1df16c1e992931d3bb717a7e36157596b76bdadb3800","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T19:49:52Z/"}],"url":"https://github.com/exiftool/exiftool/commit/cf0f4e7dcd024ca99615bfd1102a841a25dde031#diff-fa0d652d10dbcd246e6b1df16c1e992931d3bb717a7e36157596b76bdadb3800"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/50911.py","reference_id":"CVE-2021-22204","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/50911.py"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22204.json","reference_id":"CVE-2021-22204.json","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T19:49:52Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22204.json"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDKDLJLBTBBR66OOPXSXCG2PQRM5KCZL/","reference_id":"DDKDLJLBTBBR66OOPXSXCG2PQRM5KCZL","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T19:49:52Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDKDLJLBTBBR66OOPXSXCG2PQRM5KCZL/"},{"reference_url":"https://www.debian.org/security/2021/dsa-4910","reference_id":"dsa-4910","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T19:49:52Z/"}],"url":"https://www.debian.org/security/2021/dsa-4910"},{"reference_url":"http://packetstormsecurity.com/files/167038/ExifTool-12.23-Arbitrary-Code-Execution.html","reference_id":"ExifTool-12.23-Arbitrary-Code-Execution.html","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T19:49:52Z/"}],"url":"http://packetstormsecurity.com/files/167038/ExifTool-12.23-Arbitrary-Code-Execution.html"},{"reference_url":"http://packetstormsecurity.com/files/162558/ExifTool-DjVu-ANT-Perl-Injection.html","reference_id":"ExifTool-DjVu-ANT-Perl-Injection.html","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T19:49:52Z/"}],"url":"http://packetstormsecurity.com/files/162558/ExifTool-DjVu-ANT-Perl-Injection.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F6UOBPU3LSHAPRRJNISNVXZ5DSUIALLV/","reference_id":"F6UOBPU3LSHAPRRJNISNVXZ5DSUIALLV","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T19:49:52Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F6UOBPU3LSHAPRRJNISNVXZ5DSUIALLV/"},{"reference_url":"http://packetstormsecurity.com/files/164994/GitLab-13.10.2-Remote-Code-Execution.html","reference_id":"GitLab-13.10.2-Remote-Code-Execution.html","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T19:49:52Z/"}],"url":"http://packetstormsecurity.com/files/164994/GitLab-13.10.2-Remote-Code-Execution.html"},{"reference_url":"http://packetstormsecurity.com/files/164768/GitLab-Unauthenticated-Remote-ExifTool-Command-Injection.html","reference_id":"GitLab-Unauthenticated-Remote-ExifTool-Command-Injection.html","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T19:49:52Z/"}],"url":"http://packetstormsecurity.com/files/164768/GitLab-Unauthenticated-Remote-ExifTool-Command-Injection.html"},{"reference_url":"https://security.gentoo.org/glsa/202407-27","reference_id":"GLSA-202407-27","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202407-27"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/05/msg00018.html","reference_id":"msg00018.html","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T19:49:52Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2021/05/msg00018.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U4RF6PJCJ6NQOVJJJF6HN6BORUQVIXY6/","reference_id":"U4RF6PJCJ6NQOVJJJF6HN6BORUQVIXY6","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T19:49:52Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U4RF6PJCJ6NQOVJJJF6HN6BORUQVIXY6/"},{"reference_url":"https://usn.ubuntu.com/4987-1/","reference_id":"USN-4987-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4987-1/"},{"reference_url":"https://usn.ubuntu.com/USN-4987-2/","reference_id":"USN-USN-4987-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4987-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/351731?format=json","purl":"pkg:apk/alpine/perl-image-exiftool@12.24-r0?arch=loongarch64&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/perl-image-exiftool@12.24-r0%3Farch=loongarch64&distroversion=edge&reponame=community"}],"aliases":["CVE-2021-22204"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cfdy-pnx7-xkfx"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/perl-image-exiftool@12.24-r0%3Farch=loongarch64&distroversion=edge&reponame=community"}